Re: Bug#932943: Missing SHA512 and gpg signature

To: debian-cloud@lists.debian.org
Subject: Re: Bug#932943: Missing SHA512 and gpg signature
From: Thomas Goirand <zigo@debian.org>
Date: Tue, 6 Aug 2019 15:35:35 +0200
Message-id: <[🔎] bbbb42bc-2d4a-9f8a-aaf0-b24c6ff77b17@debian.org>
In-reply-to: <[🔎] 20190806083057.7an2eiee3wd55yl4@shell.thinkmo.de>
References: <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org> <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org> <[🔎] 944c22ae-a143-828b-8a47-9569f24bd848@debian.org> <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org> <[🔎] 20190804162930.yr4we3rgr2tp2w3x@shell.thinkmo.de> <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org> <[🔎] af92191a-c77a-a7b0-d75a-3784a8c19aeb@debian.org> <[🔎] 20190806083057.7an2eiee3wd55yl4@shell.thinkmo.de>

On 8/6/19 10:30 AM, Bastian Blank wrote:
> On Mon, Aug 05, 2019 at 10:07:46AM +0200, Thomas Goirand wrote:
>> Unfortunately, OpenStack Glance only shows SHA512, not SHA3, so even if
>> we do both, we must keep SHA2 512.
> 
> What does Glance show and how does this relate on what we use to allow
> verification of the downloaded images?
> 
> My (old) Glance reports this:
> 
> | +------------------+--------------------------------------+
> | | Property         | Value                                |
> | +------------------+--------------------------------------+
> | | architecture     | x86_64                               |
> | | checksum         | 90e94dc3687292c33b931aee4b58ee8a     |
> | | container_format | bare                                 |
> | | created_at       | 2018-08-03T07:59:16Z                 |
> | | disk_format      | qcow2                                |
> | | id               | f77594ee-642e-4343-9884-9599fbc8f481 |
> | | min_disk         | 0                                    |
> | | min_ram          | 0                                    |
> | | name             | Debian 9 -- 20180803                 |
> | | owner            | f681c65dc978473c814ff7aa4fdc75cb     |
> | | protected        | False                                |
> | | size             | 623210496                            |
> | | status           | active                               |
> | | tags             | []                                   |
> | | updated_at       | 2018-08-03T07:59:29Z                 |
> | | virtual_size     | Not available                        |
> | | visibility       | public                               |
> | +------------------+--------------------------------------+
> 
> There is a "checksum" field.  However I don't see what kind of checksum
> this should be or what this checksum is calculated from (I uploaded a
> qcow2).
> 
> Regards,
> Bastian

Hi,

What you see above, is an md5sum. Newer versions of Glance show
something like this:

# openstack image show 8556b7ba-5be5-4466-b0a7-26052455a344
+------------------+--------------------------------------------------------------------------------------------------------------------------------
| Field            | Value

                                                                |
+------------------+--------------------------------------------------------------------------------------------------------------------------------
| checksum         | ef66c8b88771267cf99dfafca0c0b9a0

    | container_format | bare

        | created_at       | 2019-06-25T08:22:58Z

            | disk_format      | qcow2

                | file             |
/v2/images/8556b7ba-5be5-4466-b0a7-26052455a344/file

                                           | id               |
8556b7ba-5be5-4466-b0a7-26052455a344
                                                       | min_disk
  | 0

                                               | min_ram          | 0

                                                   | name             |
debian-9.9.3-20190618-openstack-amd64.qcow2
                                                       | owner
  | 504ea0a356ca4066aaa617daff869463
                                                           | properties
      | os_hash_algo='sha512',
os_hash_value='01f5bb09879291e8113ff6477067711b4e25c432f9e8320ac4fa9cee67026bcd39635b9248d5a4ab236c9d2b26c3df296429faca12d77b5a074207a38445b172',
os_hidden='False' |
| protected        | True

    | schema           | /v2/schemas/image

        | size             | 586432000

            | status           | active

                | tags             |

                    | updated_at       | 2019-06-25T08:23:01Z

                        | virtual_size     | None

                            | visibility       | public


+------------------+--------------------------------------------------------------------------------------------------------------------------------

IIRC, it's been a few years there's sha512 already.

Cheers,

Thomas Goirand (zigo)

Reply to:

Follow-Ups:
- Re: Bug#932943: Missing SHA512 and gpg signature
  - From: Bastian Blank <waldi@debian.org>

References:
- Bug#932943: Missing SHA512 and gpg signature
  - From: Chris Boot <bootc@debian.org>
- Bug#932943: Missing SHA512 and gpg signature
  - From: Bastian Blank <waldi@debian.org>
- Bug#932943: Missing SHA512 and gpg signature
  - From: Thomas Goirand <zigo@debian.org>
- Re: Bug#932943: Missing SHA512 and gpg signature
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Re: Bug#932943: Missing SHA512 and gpg signature
Next by Date: Re: Regular meeting of the team
Previous by thread: Re: Bug#932943: Missing SHA512 and gpg signature
Next by thread: Re: Bug#932943: Missing SHA512 and gpg signature
Index(es):
- Date
- Thread